Versions Compared

Old Version 4

changes.mady.by.user Jean-luc KRIKER

Saved on

compared with

New Version 5

changes.mady.by.user Jean-luc KRIKER

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Create a filter with a policer

set firewall family inet filter hard-filter term from-10 from source-address 10.10.10.0/24

set firewall family inet filter hard-filter term from-10 then policer drop-excess-traffic

set firewall family inet filter hard-filter term from-10 then accept

set firewall family inet filter hard-filter term all-other-traffic then accept



set firewall policer drop-excess-traffic if-exceeding bandwith-limit 2m

set firewall policer drop-excess-traffic if-exceeding burst-size-limit 5k 

set firewall policer drop-excess-traffic then discard

Applyto Interface

set interface ge-0/0/0 unit 0 family inet filter input hard-filter
Applyto firewall filter




https://www.juniper.net/documentation/us/en/software/junos/cos/topics/example/policer-single-rate-two-color-mfc-example.html



discard


Code Block
titlefirewall policer
set firewall policer discard if-exceeding bandwidth-limit 700m
set firewall policer discard if-exceeding burst-size-limit 15k
set firewall policer discard then discard


firewall filter


Code Block
titlefirewall filter
set firewall family inet filter mf-classifier term BE-data from protocol tcp
set firewall family inet filter mf-classifier term BE-data from port http
set firewall family inet filter mf-classifier term BE-data then forwarding-class BE-data
set firewall family inet filter mf-classifier term BE-data then policer discard

set firewall family inet filter mf-classifier term Premium-data from protocol tcp
set firewall family inet filter mf-classifier term Premium-data from port 12345
set firewall family inet filter mf-classifier term Premium-data then forwarding-class Premium-data
set firewall family inet filter mf-classifier term Premium-data then policer discard

set firewall family inet filter mf-classifier term accept then accept






Apply fw filter to interface


Code Block
titleapply fw filter to interface
set interfaces ge-2/0/5 description to-Host
set interfaces ge-2/0/5 unit 0 family inet address 172.16.70.2/30
set interfaces ge-2/0/5 unit 0 family inet filter input mf-classifier